Emergency services like 911 no longer cyber-safe, GAO reports

Giuseppe Macri Tech Editor
Font Size:

Federal and state emergency services like 911 are no long safe from cyberattacks or cybersecurity privacy breaches, according to a report released Tuesday from the Government Accountability Office.

As communications technology progresses, state and local emergency response services like police dispatch and 911 have been, for the most part, slow to adopt newer Internet and networked-based computer systems as a result of the expense for hardware and training.

In recent years, the federal government — through agencies like the Department of Homeland Security — has assisted in updating and inter-connecting these services, allowing more access to information shared by more agencies and responders than ever before. The Transportation and Commerce Departments gave states $43.5 million from 2009 to 2012 to implement new 911 technology.

That connectivity and reliance on shared systems has also made more agencies, responders and those seeking their help more vulnerable to privacy breaches and cyberattacks.

“Individuals can contact fire, medical, and police first responders in an emergency by dialing 911,” the report said. “To provide effective emergency services, public safety entities such as 911 call centers use technology including databases that identifies phone number and location data of callers.”

“Because these critical systems are becoming more interconnected, they are also increasingly susceptible to cyber-based threats that accompany the use of Internet-based services,” the report explains. “This, in turn, could impact the availability of 911 services.”

In its assessment, the GAO recommends that DHS partner with the Departments of Commerce, Justice, Transportation and the Federal Communications Commission to address cybersecurity threats ranging from hackers interested in stealing data to terrorists plotting attacks, with the additional goal of shutting down emergency response to those attacks.

Some of those threats have already surfaced. According to information obtained from DHS, victims were denied emergency services 600 times in 2013 as a result of attacks, 200 of which targeted offices of public safety specifically.

According to the report, DHS is in the process of drawing up plans to address cybersecurity threats posed by Internet protocol and cloud-based infrastructures.

The National Infrastructure Protection Plan, which will reportedly detail how to beef up cybersecurity in specific “sectors” for 911 and the National Public Safety Broadband Network, is due by December 2014.

Follow Giuseppe on Twitter